2 * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
42 #include <krb5-types.h>
50 #include <krb5_asn1.h>
51 typedef Krb5Int32 krb5int32
;
52 typedef Krb5UInt32 krb5uint32
;
54 /* name confusion with MIT */
55 #ifndef KRB5KDC_ERR_KEY_EXP
56 #define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
60 #define KRB5_CALLCONV __stdcall
61 #define KRB5_LIB_CALL __stdcall
67 /* simple constants */
74 typedef int krb5_boolean
;
76 typedef int32_t krb5_error_code
;
78 typedef int32_t krb5_kvno
;
80 typedef uint32_t krb5_flags
;
82 typedef void *krb5_pointer
;
83 typedef const void *krb5_const_pointer
;
85 struct krb5_crypto_data
;
86 typedef struct krb5_crypto_data
*krb5_crypto
;
88 struct krb5_get_creds_opt_data
;
89 typedef struct krb5_get_creds_opt_data
*krb5_get_creds_opt
;
91 struct krb5_digest_data
;
92 typedef struct krb5_digest_data
*krb5_digest
;
93 struct krb5_ntlm_data
;
94 typedef struct krb5_ntlm_data
*krb5_ntlm
;
97 typedef struct krb5_pac_data
*krb5_pac
;
99 typedef struct krb5_rd_req_in_ctx_data
*krb5_rd_req_in_ctx
;
100 typedef struct krb5_rd_req_out_ctx_data
*krb5_rd_req_out_ctx
;
102 typedef CKSUMTYPE krb5_cksumtype
;
104 typedef Checksum krb5_checksum
;
106 typedef ENCTYPE krb5_enctype
;
108 typedef struct krb5_get_init_creds_ctx
*krb5_init_creds_context
;
110 typedef heim_octet_string krb5_data
;
112 /* PKINIT related forward declarations */
114 struct krb5_pk_identity
;
117 /* krb5_enc_data is a mit compat structure */
118 typedef struct krb5_enc_data
{
119 krb5_enctype enctype
;
121 krb5_data ciphertext
;
124 /* alternative names */
125 #define ENCTYPE_NULL KRB5_ENCTYPE_NULL
126 #define ENCTYPE_DES_CBC_CRC KRB5_ENCTYPE_DES_CBC_CRC
127 #define ENCTYPE_DES_CBC_MD4 KRB5_ENCTYPE_DES_CBC_MD4
128 #define ENCTYPE_DES_CBC_MD5 KRB5_ENCTYPE_DES_CBC_MD5
129 #define ENCTYPE_DES3_CBC_MD5 KRB5_ENCTYPE_DES3_CBC_MD5
130 #define ENCTYPE_OLD_DES3_CBC_SHA1 KRB5_ENCTYPE_OLD_DES3_CBC_SHA1
131 #define ENCTYPE_SIGN_DSA_GENERATE KRB5_ENCTYPE_SIGN_DSA_GENERATE
132 #define ENCTYPE_ENCRYPT_RSA_PRIV KRB5_ENCTYPE_ENCRYPT_RSA_PRIV
133 #define ENCTYPE_ENCRYPT_RSA_PUB KRB5_ENCTYPE_ENCRYPT_RSA_PUB
134 #define ENCTYPE_DES3_CBC_SHA1 KRB5_ENCTYPE_DES3_CBC_SHA1
135 #define ENCTYPE_AES128_CTS_HMAC_SHA1_96 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96
136 #define ENCTYPE_AES256_CTS_HMAC_SHA1_96 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96
137 #define ENCTYPE_ARCFOUR_HMAC KRB5_ENCTYPE_ARCFOUR_HMAC_MD5
138 #define ENCTYPE_ARCFOUR_HMAC_MD5 KRB5_ENCTYPE_ARCFOUR_HMAC_MD5
139 #define ENCTYPE_ARCFOUR_HMAC_MD5_56 KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56
140 #define ENCTYPE_ENCTYPE_PK_CROSS KRB5_ENCTYPE_ENCTYPE_PK_CROSS
141 #define ENCTYPE_DES_CBC_NONE KRB5_ENCTYPE_DES_CBC_NONE
142 #define ENCTYPE_DES3_CBC_NONE KRB5_ENCTYPE_DES3_CBC_NONE
143 #define ENCTYPE_DES_CFB64_NONE KRB5_ENCTYPE_DES_CFB64_NONE
144 #define ENCTYPE_DES_PCBC_NONE KRB5_ENCTYPE_DES_PCBC_NONE
145 #define ETYPE_NULL KRB5_ENCTYPE_NULL
146 #define ETYPE_DES_CBC_CRC KRB5_ENCTYPE_DES_CBC_CRC
147 #define ETYPE_DES_CBC_MD4 KRB5_ENCTYPE_DES_CBC_MD4
148 #define ETYPE_DES_CBC_MD5 KRB5_ENCTYPE_DES_CBC_MD5
149 #define ETYPE_DES3_CBC_MD5 KRB5_ENCTYPE_DES3_CBC_MD5
150 #define ETYPE_OLD_DES3_CBC_SHA1 KRB5_ENCTYPE_OLD_DES3_CBC_SHA1
151 #define ETYPE_SIGN_DSA_GENERATE KRB5_ENCTYPE_SIGN_DSA_GENERATE
152 #define ETYPE_ENCRYPT_RSA_PRIV KRB5_ENCTYPE_ENCRYPT_RSA_PRIV
153 #define ETYPE_ENCRYPT_RSA_PUB KRB5_ENCTYPE_ENCRYPT_RSA_PUB
154 #define ETYPE_DES3_CBC_SHA1 KRB5_ENCTYPE_DES3_CBC_SHA1
155 #define ETYPE_AES128_CTS_HMAC_SHA1_96 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96
156 #define ETYPE_AES256_CTS_HMAC_SHA1_96 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96
157 #define ETYPE_AES128_CTS_HMAC_SHA256_128 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128
158 #define ETYPE_AES256_CTS_HMAC_SHA384_192 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192
159 #define ETYPE_ARCFOUR_HMAC_MD5 KRB5_ENCTYPE_ARCFOUR_HMAC_MD5
160 #define ETYPE_ARCFOUR_HMAC_MD5_56 KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56
161 #define ETYPE_ENCTYPE_PK_CROSS KRB5_ENCTYPE_ENCTYPE_PK_CROSS
162 #define ETYPE_ARCFOUR_MD4 KRB5_ENCTYPE_ARCFOUR_MD4
163 #define ETYPE_ARCFOUR_HMAC_OLD KRB5_ENCTYPE_ARCFOUR_HMAC_OLD
164 #define ETYPE_ARCFOUR_HMAC_OLD_EXP KRB5_ENCTYPE_ARCFOUR_HMAC_OLD_EXP
165 #define ETYPE_DES_CBC_NONE KRB5_ENCTYPE_DES_CBC_NONE
166 #define ETYPE_DES3_CBC_NONE KRB5_ENCTYPE_DES3_CBC_NONE
167 #define ETYPE_DES_CFB64_NONE KRB5_ENCTYPE_DES_CFB64_NONE
168 #define ETYPE_DES_PCBC_NONE KRB5_ENCTYPE_DES_PCBC_NONE
169 #define ETYPE_DIGEST_MD5_NONE KRB5_ENCTYPE_DIGEST_MD5_NONE
170 #define ETYPE_CRAM_MD5_NONE KRB5_ENCTYPE_CRAM_MD5_NONE
171 #define DOMAIN_X500_COMPRESS domain_X500_compress
174 typedef enum krb5_pdu
{
177 KRB5_PDU_AS_REQUEST
= 2,
178 KRB5_PDU_AS_REPLY
= 3,
179 KRB5_PDU_TGS_REQUEST
= 4,
180 KRB5_PDU_TGS_REPLY
= 5,
181 KRB5_PDU_AP_REQUEST
= 6,
182 KRB5_PDU_AP_REPLY
= 7,
183 KRB5_PDU_KRB_SAFE
= 8,
184 KRB5_PDU_KRB_PRIV
= 9,
185 KRB5_PDU_KRB_CRED
= 10,
186 KRB5_PDU_NONE
= 11 /* See krb5_get_permitted_enctypes() */
189 typedef PADATA_TYPE krb5_preauthtype
;
191 typedef enum krb5_key_usage
{
192 KRB5_KU_PA_ENC_TIMESTAMP
= 1,
193 /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
194 client key (section 5.4.1) */
196 /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
197 application session key), encrypted with the service key
199 KRB5_KU_AS_REP_ENC_PART
= 3,
200 /* AS-REP encrypted part (includes tgs session key or application
201 session key), encrypted with the client key (section 5.4.2) */
202 KRB5_KU_TGS_REQ_AUTH_DAT_SESSION
= 4,
203 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
204 session key (section 5.4.1) */
205 KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY
= 5,
206 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
207 authenticator subkey (section 5.4.1) */
208 KRB5_KU_TGS_REQ_AUTH_CKSUM
= 6,
209 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
210 with the tgs session key (sections 5.3.2, 5.4.1) */
211 KRB5_KU_TGS_REQ_AUTH
= 7,
212 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
213 authenticator subkey), encrypted with the tgs session key
215 KRB5_KU_TGS_REP_ENC_PART_SESSION
= 8,
216 /* TGS-REP encrypted part (includes application session key),
217 encrypted with the tgs session key (section 5.4.2) */
218 KRB5_KU_TGS_REP_ENC_PART_SUB_KEY
= 9,
219 /* TGS-REP encrypted part (includes application session key),
220 encrypted with the tgs authenticator subkey (section 5.4.2) */
221 KRB5_KU_AP_REQ_AUTH_CKSUM
= 10,
222 /* AP-REQ Authenticator cksum, keyed with the application session
223 key (section 5.3.2) */
224 KRB5_KU_AP_REQ_AUTH
= 11,
225 /* AP-REQ Authenticator (includes application authenticator
226 subkey), encrypted with the application session key (section
228 KRB5_KU_AP_REQ_ENC_PART
= 12,
229 /* AP-REP encrypted part (includes application session subkey),
230 encrypted with the application session key (section 5.5.2) */
231 KRB5_KU_KRB_PRIV
= 13,
232 /* KRB-PRIV encrypted part, encrypted with a key chosen by the
233 application (section 5.7.1) */
234 KRB5_KU_KRB_CRED
= 14,
235 /* KRB-CRED encrypted part, encrypted with a key chosen by the
236 application (section 5.8.1) */
237 KRB5_KU_KRB_SAFE_CKSUM
= 15,
238 /* KRB-SAFE cksum, keyed with a key chosen by the application
240 KRB5_KU_OTHER_ENCRYPTED
= 16,
241 /* Data which is defined in some specification outside of
242 Kerberos to be encrypted using an RFC1510 encryption type. */
243 KRB5_KU_OTHER_CKSUM
= 17,
244 /* Data which is defined in some specification outside of
245 Kerberos to be checksummed using an RFC1510 checksum type. */
246 KRB5_KU_KRB_ERROR
= 18,
247 /* Krb-error checksum */
248 KRB5_KU_AD_KDC_ISSUED
= 19,
249 /* AD-KDCIssued checksum */
250 KRB5_KU_MANDATORY_TICKET_EXTENSION
= 20,
251 /* Checksum for Mandatory Ticket Extensions */
252 KRB5_KU_AUTH_DATA_TICKET_EXTENSION
= 21,
253 /* Checksum in Authorization Data in Ticket Extensions */
254 KRB5_KU_USAGE_SEAL
= 22,
255 /* seal in GSSAPI krb5 mechanism */
256 KRB5_KU_USAGE_SIGN
= 23,
257 /* sign in GSSAPI krb5 mechanism */
258 KRB5_KU_USAGE_SEQ
= 24,
259 /* SEQ in GSSAPI krb5 mechanism */
260 KRB5_KU_USAGE_ACCEPTOR_SEAL
= 22,
261 /* acceptor sign in GSSAPI CFX krb5 mechanism */
262 KRB5_KU_USAGE_ACCEPTOR_SIGN
= 23,
263 /* acceptor seal in GSSAPI CFX krb5 mechanism */
264 KRB5_KU_USAGE_INITIATOR_SEAL
= 24,
265 /* initiator sign in GSSAPI CFX krb5 mechanism */
266 KRB5_KU_USAGE_INITIATOR_SIGN
= 25,
267 /* initiator seal in GSSAPI CFX krb5 mechanism */
268 KRB5_KU_PA_SERVER_REFERRAL_DATA
= 22,
269 /* encrypted server referral data */
270 KRB5_KU_SAM_CHECKSUM
= 25,
271 /* Checksum for the SAM-CHECKSUM field */
272 KRB5_KU_SAM_ENC_TRACK_ID
= 26,
273 /* Encryption of the SAM-TRACK-ID field */
274 KRB5_KU_PA_SERVER_REFERRAL
= 26,
275 /* Keyusage for the server referral in a TGS req */
276 KRB5_KU_SAM_ENC_NONCE_SAD
= 27,
277 /* Encryption of the SAM-NONCE-OR-SAD field */
278 KRB5_KU_PA_PKINIT_KX
= 44,
279 /* Encryption type of the kdc session contribution in pk-init */
281 /* Checksum of over the AS-REQ send by the KDC in PA-REQ-ENC-PA-REP */
282 KRB5_KU_FAST_REQ_CHKSUM
= 50,
283 /* FAST armor checksum */
284 KRB5_KU_FAST_ENC
= 51,
285 /* FAST armor encryption */
286 KRB5_KU_FAST_REP
= 52,
287 /* FAST armor reply */
288 KRB5_KU_FAST_FINISHED
= 53,
289 /* FAST finished checksum */
290 KRB5_KU_ENC_CHALLENGE_CLIENT
= 54,
291 /* fast challenge from client */
292 KRB5_KU_ENC_CHALLENGE_KDC
= 55,
293 /* fast challenge from kdc */
294 KRB5_KU_DIGEST_ENCRYPT
= -18,
295 /* Encryption key usage used in the digest encryption field */
296 KRB5_KU_DIGEST_OPAQUE
= -19,
297 /* Checksum key usage used in the digest opaque field */
298 KRB5_KU_KRB5SIGNEDPATH
= -21,
299 /* Checksum key usage on KRB5SignedPath */
300 KRB5_KU_CANONICALIZED_NAMES
= -23,
301 /* Checksum key usage on PA-CANONICALIZED */
302 KRB5_KU_H5L_COOKIE
= -25
306 typedef krb5_key_usage krb5_keyusage
;
308 typedef enum krb5_salttype
{
309 KRB5_PW_SALT
= KRB5_PADATA_PW_SALT
,
310 KRB5_AFS3_SALT
= KRB5_PADATA_AFS3_SALT
313 typedef struct krb5_salt
{
314 krb5_salttype salttype
;
318 typedef ETYPE_INFO krb5_preauthinfo
;
321 krb5_preauthtype type
;
322 krb5_preauthinfo info
; /* list of preauthinfo for this type */
323 } krb5_preauthdata_entry
;
325 typedef struct krb5_preauthdata
{
327 krb5_preauthdata_entry
*val
;
330 typedef enum krb5_address_type
{
331 KRB5_ADDRESS_INET
= 2,
332 KRB5_ADDRESS_NETBIOS
= 20,
333 KRB5_ADDRESS_INET6
= 24,
334 KRB5_ADDRESS_ADDRPORT
= 256,
335 KRB5_ADDRESS_IPPORT
= 257
339 AP_OPTS_USE_SESSION_KEY
= 1,
340 AP_OPTS_MUTUAL_REQUIRED
= 2,
341 AP_OPTS_USE_SUBKEY
= 4 /* library internal */
344 typedef HostAddress krb5_address
;
346 typedef HostAddresses krb5_addresses
;
348 typedef krb5_enctype krb5_keytype
;
350 enum krb5_keytype_old
{
351 KEYTYPE_NULL
= ETYPE_NULL
,
352 KEYTYPE_DES
= ETYPE_DES_CBC_CRC
,
353 KEYTYPE_DES3
= ETYPE_OLD_DES3_CBC_SHA1
,
354 KEYTYPE_AES128
= ETYPE_AES128_CTS_HMAC_SHA1_96
,
355 KEYTYPE_AES256
= ETYPE_AES256_CTS_HMAC_SHA1_96
,
356 KEYTYPE_ARCFOUR
= ETYPE_ARCFOUR_HMAC_MD5
,
357 KEYTYPE_ARCFOUR_56
= ETYPE_ARCFOUR_HMAC_MD5_56
360 typedef EncryptionKey krb5_keyblock
;
362 typedef AP_REQ krb5_ap_req
;
366 #define KRB5_DEFAULT_CCFILE_ROOT "%{TEMP}/krb5cc_"
368 #define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
370 #define KRB5_ACCEPT_NULL_ADDRESSES(C) \
371 krb5_config_get_bool_default((C), NULL, TRUE, \
372 "libdefaults", "accept_null_addresses", \
375 typedef void *krb5_cc_cursor
;
376 typedef struct krb5_cccol_cursor_data
*krb5_cccol_cursor
;
378 typedef struct krb5_ccache_data
{
379 const struct krb5_cc_ops
*ops
;
381 unsigned int cc_initialized
:1; /* if 1: krb5_cc_initialize() called */
382 unsigned int cc_need_start_realm
:1;
383 unsigned int cc_start_tgt_stored
:1;
384 unsigned int cc_kx509_done
:1;
387 typedef struct krb5_ccache_data
*krb5_ccache
;
389 typedef struct krb5_context_data
*krb5_context
;
391 typedef Realm krb5_realm
;
392 typedef const char *krb5_const_realm
; /* stupid language */
394 #define krb5_realm_length(r) strlen(r)
395 #define krb5_realm_data(r) (r)
397 typedef Principal krb5_principal_data
;
398 typedef struct Principal
*krb5_principal
;
399 typedef const struct Principal
*krb5_const_principal
;
400 typedef struct Principals
*krb5_principals
;
402 typedef time_t krb5_deltat
;
403 typedef time_t krb5_timestamp
;
405 typedef struct krb5_times
{
406 krb5_timestamp authtime
;
407 krb5_timestamp starttime
;
408 krb5_timestamp endtime
;
409 krb5_timestamp renew_till
;
417 /* options for krb5_get_in_tkt() */
418 #define KDC_OPT_FORWARDABLE (1 << 1)
419 #define KDC_OPT_FORWARDED (1 << 2)
420 #define KDC_OPT_PROXIABLE (1 << 3)
421 #define KDC_OPT_PROXY (1 << 4)
422 #define KDC_OPT_ALLOW_POSTDATE (1 << 5)
423 #define KDC_OPT_POSTDATED (1 << 6)
424 #define KDC_OPT_RENEWABLE (1 << 8)
425 #define KDC_OPT_REQUEST_ANONYMOUS (1 << 14)
426 #define KDC_OPT_DISABLE_TRANSITED_CHECK (1 << 26)
427 #define KDC_OPT_RENEWABLE_OK (1 << 27)
428 #define KDC_OPT_ENC_TKT_IN_SKEY (1 << 28)
429 #define KDC_OPT_RENEW (1 << 30)
430 #define KDC_OPT_VALIDATE (1 << 31)
437 /* flags for krb5_verify_ap_req */
439 #define KRB5_VERIFY_AP_REQ_IGNORE_INVALID (1 << 0)
440 #define KRB5_VERIFY_AP_REQ_IGNORE_ADDRS (1 << 1)
442 #define KRB5_GC_CACHED (1U << 0)
443 #define KRB5_GC_USER_USER (1U << 1)
444 #define KRB5_GC_EXPIRED_OK (1U << 2)
445 #define KRB5_GC_NO_STORE (1U << 3)
446 #define KRB5_GC_FORWARDABLE (1U << 4)
447 #define KRB5_GC_NO_TRANSIT_CHECK (1U << 5)
448 #define KRB5_GC_CONSTRAINED_DELEGATION (1U << 6)
449 #define KRB5_GC_CANONICALIZE (1U << 7)
450 #define KRB5_GC_ANONYMOUS (1U << 8)
452 /* constants for compare_creds (and cc_retrieve_cred) */
453 #define KRB5_TC_DONT_MATCH_REALM (1U << 31)
454 #define KRB5_TC_MATCH_KEYTYPE (1U << 30)
455 #define KRB5_TC_MATCH_KTYPE KRB5_TC_MATCH_KEYTYPE /* MIT name */
456 #define KRB5_TC_MATCH_SRV_NAMEONLY (1 << 29)
457 #define KRB5_TC_MATCH_FLAGS_EXACT (1 << 28)
458 #define KRB5_TC_MATCH_FLAGS (1 << 27)
459 #define KRB5_TC_MATCH_TIMES_EXACT (1 << 26)
460 #define KRB5_TC_MATCH_TIMES (1 << 25)
461 #define KRB5_TC_MATCH_AUTHDATA (1 << 24)
462 #define KRB5_TC_MATCH_2ND_TKT (1 << 23)
463 #define KRB5_TC_MATCH_IS_SKEY (1 << 22)
465 /* constants for get_flags and set_flags */
466 #define KRB5_TC_OPENCLOSE 0x00000001
467 #define KRB5_TC_NOTICKET 0x00000002
469 typedef AuthorizationData krb5_authdata
;
471 typedef KRB_ERROR krb5_error
;
473 typedef struct krb5_creds
{
474 krb5_principal client
;
475 krb5_principal server
;
476 krb5_keyblock session
;
479 krb5_data second_ticket
;
480 krb5_authdata authdata
;
481 krb5_addresses addresses
;
482 krb5_ticket_flags flags
;
485 typedef struct krb5_cc_cache_cursor_data
*krb5_cc_cache_cursor
;
487 #define KRB5_CC_OPS_VERSION_0 0
488 #define KRB5_CC_OPS_VERSION_1 1
489 #define KRB5_CC_OPS_VERSION_2 2
490 #define KRB5_CC_OPS_VERSION_3 3
491 #define KRB5_CC_OPS_VERSION_5 5
493 /* Only extend the structure. Do not change signatures. */
494 typedef struct krb5_cc_ops
{
498 const char* (KRB5_CALLCONV
* get_name
)(krb5_context
, krb5_ccache
);
499 krb5_error_code (KRB5_CALLCONV
* resolve
)(krb5_context
, krb5_ccache
*, const char *);
500 krb5_error_code (KRB5_CALLCONV
* gen_new
)(krb5_context
, krb5_ccache
*);
501 krb5_error_code (KRB5_CALLCONV
* init
)(krb5_context
, krb5_ccache
, krb5_principal
);
502 krb5_error_code (KRB5_CALLCONV
* destroy
)(krb5_context
, krb5_ccache
);
503 krb5_error_code (KRB5_CALLCONV
* close
)(krb5_context
, krb5_ccache
);
504 krb5_error_code (KRB5_CALLCONV
* store
)(krb5_context
, krb5_ccache
, krb5_creds
*);
505 krb5_error_code (KRB5_CALLCONV
* retrieve
)(krb5_context
, krb5_ccache
,
506 krb5_flags
, const krb5_creds
*, krb5_creds
*);
507 krb5_error_code (KRB5_CALLCONV
* get_princ
)(krb5_context
, krb5_ccache
, krb5_principal
*);
508 krb5_error_code (KRB5_CALLCONV
* get_first
)(krb5_context
, krb5_ccache
, krb5_cc_cursor
*);
509 krb5_error_code (KRB5_CALLCONV
* get_next
)(krb5_context
, krb5_ccache
,
510 krb5_cc_cursor
*, krb5_creds
*);
511 krb5_error_code (KRB5_CALLCONV
* end_get
)(krb5_context
, krb5_ccache
, krb5_cc_cursor
*);
512 krb5_error_code (KRB5_CALLCONV
* remove_cred
)(krb5_context
, krb5_ccache
,
513 krb5_flags
, krb5_creds
*);
514 krb5_error_code (KRB5_CALLCONV
* set_flags
)(krb5_context
, krb5_ccache
, krb5_flags
);
515 int (KRB5_CALLCONV
* get_version
)(krb5_context
, krb5_ccache
);
516 krb5_error_code (KRB5_CALLCONV
* get_cache_first
)(krb5_context
, krb5_cc_cursor
*);
517 krb5_error_code (KRB5_CALLCONV
* get_cache_next
)(krb5_context
, krb5_cc_cursor
,
519 krb5_error_code (KRB5_CALLCONV
* end_cache_get
)(krb5_context
, krb5_cc_cursor
);
520 krb5_error_code (KRB5_CALLCONV
* move
)(krb5_context
, krb5_ccache
, krb5_ccache
);
521 krb5_error_code (KRB5_CALLCONV
* get_default_name
)(krb5_context
, char **);
523 krb5_error_code (KRB5_CALLCONV
* set_default
)(krb5_context
, krb5_ccache
);
525 krb5_error_code (KRB5_CALLCONV
* lastchange
)(krb5_context
, krb5_ccache
, krb5_timestamp
*);
527 krb5_error_code (KRB5_CALLCONV
* set_kdc_offset
)(krb5_context
, krb5_ccache
, krb5_deltat
);
528 krb5_error_code (KRB5_CALLCONV
* get_kdc_offset
)(krb5_context
, krb5_ccache
, krb5_deltat
*);
530 krb5_error_code (KRB5_CALLCONV
* get_name_2
)(krb5_context
, krb5_ccache
,
531 const char **id
, const char **res
,
533 krb5_error_code (KRB5_CALLCONV
* resolve_2
)(krb5_context
, krb5_ccache
*id
, const char *res
,
535 /* Add new functions here for versions 6 and above */
539 * krb5_config_binding is identical to struct heim_config_binding
540 * within heimbase.h. Its format is public and used by callers of
541 * krb5_config_get_list() and krb5_config_vget_list().
543 enum krb5_config_type
{
547 struct krb5_config_binding
{
548 enum krb5_config_type type
;
550 struct krb5_config_binding
*next
;
553 struct krb5_config_binding
*list
;
558 typedef struct krb5_config_binding krb5_config_binding
;
559 typedef krb5_config_binding krb5_config_section
;
561 typedef struct krb5_ticket
{
562 EncTicketPart ticket
;
563 krb5_principal client
;
564 krb5_principal server
;
567 typedef Authenticator krb5_authenticator_data
;
569 typedef krb5_authenticator_data
*krb5_authenticator
;
571 struct krb5_rcache_data
;
572 typedef struct krb5_rcache_data
*krb5_rcache
;
573 typedef Authenticator krb5_donot_replay
;
575 #define KRB5_STORAGE_HOST_BYTEORDER 0x01 /* old */
576 #define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS 0x02
577 #define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE 0x04
578 #define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE 0x08
579 #define KRB5_STORAGE_BYTEORDER_MASK 0x70
580 #define KRB5_STORAGE_BYTEORDER_BE 0x00 /* default */
581 #define KRB5_STORAGE_BYTEORDER_PACKED 0x10
582 #define KRB5_STORAGE_BYTEORDER_LE 0x20
583 #define KRB5_STORAGE_BYTEORDER_HOST 0x40
584 #define KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER 0x80
586 struct krb5_storage_data
;
587 typedef struct krb5_storage_data krb5_storage
;
589 typedef struct krb5_keytab_entry
{
590 krb5_principal principal
;
592 krb5_keyblock keyblock
;
595 krb5_principals aliases
;
598 typedef struct krb5_kt_cursor
{
604 struct krb5_keytab_data
;
606 typedef struct krb5_keytab_data
*krb5_keytab
;
608 #define KRB5_KT_PREFIX_MAX_LEN 30
610 struct krb5_keytab_data
{
612 krb5_error_code (KRB5_CALLCONV
* resolve
)(krb5_context
, const char*, krb5_keytab
);
613 krb5_error_code (KRB5_CALLCONV
* get_name
)(krb5_context
, krb5_keytab
, char*, size_t);
614 krb5_error_code (KRB5_CALLCONV
* close
)(krb5_context
, krb5_keytab
);
615 krb5_error_code (KRB5_CALLCONV
* destroy
)(krb5_context
, krb5_keytab
);
616 krb5_error_code (KRB5_CALLCONV
* get
)(krb5_context
, krb5_keytab
, krb5_const_principal
,
617 krb5_kvno
, krb5_enctype
, krb5_keytab_entry
*);
618 krb5_error_code (KRB5_CALLCONV
* start_seq_get
)(krb5_context
, krb5_keytab
, krb5_kt_cursor
*);
619 krb5_error_code (KRB5_CALLCONV
* next_entry
)(krb5_context
, krb5_keytab
,
620 krb5_keytab_entry
*, krb5_kt_cursor
*);
621 krb5_error_code (KRB5_CALLCONV
* end_seq_get
)(krb5_context
, krb5_keytab
, krb5_kt_cursor
*);
622 krb5_error_code (KRB5_CALLCONV
* add
)(krb5_context
, krb5_keytab
, krb5_keytab_entry
*);
623 krb5_error_code (KRB5_CALLCONV
* remove
)(krb5_context
, krb5_keytab
, krb5_keytab_entry
*);
628 typedef struct krb5_keytab_data krb5_kt_ops
;
630 struct krb5_keytab_key_proc_args
{
632 krb5_principal principal
;
635 typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args
;
637 typedef struct krb5_replay_data
{
638 krb5_timestamp timestamp
;
643 /* flags for krb5_auth_con_setflags */
645 KRB5_AUTH_CONTEXT_DO_TIME
= 1,
646 KRB5_AUTH_CONTEXT_RET_TIME
= 2,
647 KRB5_AUTH_CONTEXT_DO_SEQUENCE
= 4,
648 KRB5_AUTH_CONTEXT_RET_SEQUENCE
= 8,
649 KRB5_AUTH_CONTEXT_PERMIT_ALL
= 16,
650 KRB5_AUTH_CONTEXT_USE_SUBKEY
= 32,
651 KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED
= 64
654 /* flags for krb5_auth_con_genaddrs */
656 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR
= 1,
657 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR
= 3,
658 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR
= 4,
659 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR
= 12
662 typedef struct krb5_auth_context_data
{
665 krb5_address
*local_address
;
666 krb5_address
*remote_address
;
669 krb5_keyblock
*keyblock
;
670 krb5_keyblock
*local_subkey
;
671 krb5_keyblock
*remote_subkey
;
673 uint32_t local_seqnumber
;
674 uint32_t remote_seqnumber
;
676 krb5_authenticator authenticator
;
678 krb5_pointer i_vector
;
682 krb5_keytype keytype
; /* ¿requested key type ? */
683 krb5_cksumtype cksumtype
; /* ¡requested checksum type! */
685 AuthorizationData
*auth_data
;
687 }krb5_auth_context_data
, *krb5_auth_context
;
691 EncKDCRepPart enc_part
;
695 extern const char *heimdal_version
, *heimdal_long_version
;
697 typedef void (KRB5_CALLCONV
* krb5_log_log_func_t
)(krb5_context
,
701 typedef void (KRB5_CALLCONV
* krb5_log_close_func_t
)(void*);
703 typedef struct heim_log_facility_s krb5_log_facility
;
705 typedef EncAPRepPart krb5_ap_rep_enc_part
;
707 #define KRB5_RECVAUTH_IGNORE_VERSION 1
709 #define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"
711 #define KRB5_TGS_NAME_SIZE (6)
712 #define KRB5_TGS_NAME ("krbtgt")
713 #define KRB5_WELLKNOWN_NAME ("WELLKNOWN")
714 #define KRB5_ANON_NAME ("ANONYMOUS")
715 #define KRB5_ANON_REALM ("WELLKNOWN:ANONYMOUS")
716 #define KRB5_FEDERATED_NAME ("FEDERATED")
717 #define KRB5_FEDERATED_REALM ("WELLKNOWN:FEDERATED")
718 #define KRB5_WELLKNOWN_ORG_H5L_REALM ("WELLKNOWN:ORG.H5L")
719 #define KRB5_DIGEST_NAME ("digest")
721 #define KRB5_PKU2U_REALM_NAME ("WELLKNOWN:PKU2U")
722 #define KRB5_LKDC_REALM_NAME ("WELLKNOWN:COM.APPLE.LKDC")
724 #define KRB5_GSS_HOSTBASED_SERVICE_NAME ("WELLKNOWN:ORG.H5L.HOSTBASED-SERVICE")
725 #define KRB5_GSS_REFERALS_REALM_NAME ("WELLKNOWN:ORG.H5L.REFERALS-REALM")
728 KRB5_PROMPT_TYPE_PASSWORD
= 0x1,
729 KRB5_PROMPT_TYPE_NEW_PASSWORD
= 0x2,
730 KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN
= 0x3,
731 KRB5_PROMPT_TYPE_PREAUTH
= 0x4,
732 KRB5_PROMPT_TYPE_INFO
= 0x5
735 typedef struct _krb5_prompt
{
739 krb5_prompt_type type
;
742 typedef int (KRB5_CALLCONV
* krb5_prompter_fct
)(krb5_context
/*context*/,
744 const char * /*name*/,
745 const char * /*banner*/,
747 krb5_prompt
/*prompts*/[]);
748 typedef krb5_error_code (KRB5_CALLCONV
* krb5_key_proc
)(krb5_context
/*context*/,
749 krb5_enctype
/*type*/,
751 krb5_const_pointer
/*keyseed*/,
752 krb5_keyblock
** /*key*/);
753 typedef krb5_error_code (KRB5_CALLCONV
* krb5_decrypt_proc
)(krb5_context
/*context*/,
754 krb5_keyblock
* /*key*/,
755 krb5_key_usage
/*usage*/,
756 krb5_const_pointer
/*decrypt_arg*/,
757 krb5_kdc_rep
* /*dec_rep*/);
758 typedef krb5_error_code (KRB5_CALLCONV
* krb5_s2k_proc
)(krb5_context
/*context*/,
759 krb5_enctype
/*type*/,
760 krb5_const_pointer
/*keyseed*/,
762 krb5_data
* /*s2kparms*/,
763 krb5_keyblock
** /*key*/);
765 struct _krb5_get_init_creds_opt_private
;
767 struct _krb5_get_init_creds_opt
{
769 krb5_deltat tkt_life
;
770 krb5_deltat renew_life
;
774 int change_password_prompt
;
775 krb5_enctype
*etype_list
;
776 int etype_list_length
;
777 krb5_addresses
*address_list
;
778 /* XXX the next three should not be used, as they may be
780 krb5_preauthtype
*preauth_list
;
781 int preauth_list_length
;
783 struct _krb5_get_init_creds_opt_private
*opt_private
;
786 typedef struct _krb5_get_init_creds_opt krb5_get_init_creds_opt
;
788 #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
789 #define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002
790 #define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004
791 #define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008
792 #define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010
793 #define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020
794 #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040
795 #define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 /* no supported */
796 #define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS 0x0100
797 #define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK 0x0200
798 #define KRB5_GET_INIT_CREDS_OPT_CHANGE_PASSWORD_PROMPT 0x0400
800 /* krb5_init_creds_step flags argument */
801 #define KRB5_INIT_CREDS_STEP_FLAG_CONTINUE 0x0001
803 typedef struct _krb5_verify_init_creds_opt
{
806 } krb5_verify_init_creds_opt
;
808 #define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001
810 typedef struct krb5_verify_opt
{
818 #define KRB5_VERIFY_LREALMS 1
819 #define KRB5_VERIFY_NO_ADDRESSES 2
821 #define KRB5_KPASSWD_VERS_CHANGEPW 1
822 #define KRB5_KPASSWD_VERS_SETPW 0xff80
824 #define KRB5_KPASSWD_SUCCESS 0
825 #define KRB5_KPASSWD_MALFORMED 1
826 #define KRB5_KPASSWD_HARDERROR 2
827 #define KRB5_KPASSWD_AUTHERROR 3
828 #define KRB5_KPASSWD_SOFTERROR 4
829 #define KRB5_KPASSWD_ACCESSDENIED 5
830 #define KRB5_KPASSWD_BAD_VERSION 6
831 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
833 #define KPASSWD_PORT 464
835 /* types for the new krbhst interface */
836 struct krb5_krbhst_data
;
837 typedef struct krb5_krbhst_data
*krb5_krbhst_handle
;
839 #define KRB5_KRBHST_KDC 1
840 #define KRB5_KRBHST_ADMIN 2
841 #define KRB5_KRBHST_CHANGEPW 3
842 #define KRB5_KRBHST_KRB524 4
843 #define KRB5_KRBHST_KCA 5
844 #define KRB5_KRBHST_READONLY_ADMIN 6
845 #define KRB5_KRBHST_TKTBRIDGEAP 7
847 typedef struct krb5_krbhst_info
{
848 enum { KRB5_KRBHST_UDP
,
850 KRB5_KRBHST_HTTP
} proto
;
852 unsigned short def_port
;
854 struct krb5_krbhst_info
*next
;
855 char hostname
[1]; /* has to come last */
858 /* flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags) */
860 KRB5_KRBHST_FLAGS_MASTER
= 1,
861 KRB5_KRBHST_FLAGS_LARGE_MSG
= 2
864 typedef krb5_error_code (*krb5_sendto_prexmit
)(krb5_context
, int, void *, int, krb5_data
*);
865 typedef krb5_error_code
866 (KRB5_CALLCONV
* krb5_send_to_kdc_func
)(krb5_context
, void *, krb5_krbhst_info
*, time_t,
867 const krb5_data
*, krb5_data
*);
869 /** flags for krb5_parse_name_flags */
871 KRB5_PRINCIPAL_PARSE_NO_REALM
= 1, /**< Require that there are no realm */
872 KRB5_PRINCIPAL_PARSE_REQUIRE_REALM
= 2, /**< Require a realm present */
873 KRB5_PRINCIPAL_PARSE_ENTERPRISE
= 4, /**< Parse as a NT-ENTERPRISE name */
874 KRB5_PRINCIPAL_PARSE_IGNORE_REALM
= 8, /**< Ignore realm if present */
875 KRB5_PRINCIPAL_PARSE_NO_DEF_REALM
= 16 /**< Don't default the realm */
878 /** flags for krb5_unparse_name_flags */
880 KRB5_PRINCIPAL_UNPARSE_SHORT
= 1, /**< No realm if it is the default realm */
881 KRB5_PRINCIPAL_UNPARSE_NO_REALM
= 2, /**< No realm */
882 KRB5_PRINCIPAL_UNPARSE_DISPLAY
= 4 /**< No quoting */
885 typedef struct krb5_sendto_ctx_data
*krb5_sendto_ctx
;
887 #define KRB5_SENDTO_DONE 0
888 #define KRB5_SENDTO_RESET 1
889 #define KRB5_SENDTO_CONTINUE 2
890 #define KRB5_SENDTO_TIMEOUT 3
891 #define KRB5_SENDTO_INITIAL 4
892 #define KRB5_SENDTO_FILTER 5
893 #define KRB5_SENDTO_FAILED 6
894 #define KRB5_SENDTO_KRBHST 7
896 typedef krb5_error_code
897 (KRB5_CALLCONV
* krb5_sendto_ctx_func
)(krb5_context
, krb5_sendto_ctx
, void *,
898 const krb5_data
*, int *);
900 enum krb5_plugin_type
{
901 PLUGIN_TYPE_DATA
= 1,
902 PLUGIN_TYPE_FUNC
/* no longer supported */
906 * Since <krb5/common_plugin.h> is new with Heimdal 8, users looking to write
907 * portable plugins across Heimdal 7 and 8 need a conditional compilation
908 * predicate from a header file that does exist in both major releases. This
909 * is as good a place as any to define a plugin source-compatibility version
912 * When this macro is defined and is equal to 1, the Heimdal 8 plugin source
913 * API, and <krb5/common_plugin.h> header are available and should be used.
915 * In Heimdal 7, this macro is not defined, and <krb5/common_plugin.h> may not
918 #define KRB5_PLUGIN_COMMON_SPI_VERSION 1
920 #define KRB5_PLUGIN_INVOKE_ALL 1
923 (KRB5_LIB_CALL
*krb5_get_instance_func_t
)(const char *);
925 struct credentials
; /* this is to keep the compiler happy */
930 * Semi private, not stable yet
933 typedef struct krb5_crypto_iov
{
936 #define KRB5_CRYPTO_TYPE_EMPTY 0
937 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */
938 #define KRB5_CRYPTO_TYPE_HEADER 1
940 #define KRB5_CRYPTO_TYPE_DATA 2
942 #define KRB5_CRYPTO_TYPE_SIGN_ONLY 3
943 /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
944 #define KRB5_CRYPTO_TYPE_PADDING 4
945 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
946 #define KRB5_CRYPTO_TYPE_TRAILER 5
947 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_CHECKSUM) */
948 #define KRB5_CRYPTO_TYPE_CHECKSUM 6
957 krb5_timestamp value
;
958 } krb5_last_req_entry
;
960 typedef krb5_error_code
961 (KRB5_CALLCONV
* krb5_gic_process_last_req
)(krb5_context
, krb5_last_req_entry
**, void *);
964 krb5_enctype ks_enctype
;
965 krb5int32 ks_salttype
;
966 }krb5_key_salt_tuple
;
969 * Name canonicalization rule options
972 typedef enum krb5_name_canon_rule_options
{
973 KRB5_NCRO_GC_ONLY
= 1 << 0,
974 KRB5_NCRO_USE_REFERRALS
= 1 << 1,
975 KRB5_NCRO_NO_REFERRALS
= 1 << 2,
976 KRB5_NCRO_USE_FAST
= 1 << 3,
977 KRB5_NCRO_USE_DNSSEC
= 1 << 4,
978 KRB5_NCRO_LOOKUP_REALM
= 1 << 5
979 } krb5_name_canon_rule_options
;
981 typedef struct krb5_name_canon_rule_data
*krb5_name_canon_rule
;
982 typedef const struct krb5_name_canon_rule_data
*krb5_const_name_canon_rule
;
983 typedef struct krb5_name_canon_iterator_data
*krb5_name_canon_iterator
;
986 * krb5_get_init_creds_opt_set_pkinit flags
989 #define KRB5_GIC_OPT_PKINIT_USE_ENCKEY 2 /* use RSA, not DH */
990 #define KRB5_GIC_OPT_PKINIT_ANONYMOUS 4 /* anonymous PKINIT */
991 #define KRB5_GIC_OPT_PKINIT_BTMM 8 /* reserved by Apple */
992 #define KRB5_GIC_OPT_PKINIT_NO_KDC_ANCHOR 16 /* do not authenticate KDC */
995 * _krb5_principal_is_anonymous() flags
997 #define KRB5_ANON_MATCH_AUTHENTICATED 1 /* authenticated with anon flag */
998 #define KRB5_ANON_MATCH_UNAUTHENTICATED 2 /* anonymous PKINIT */
999 #define KRB5_ANON_IGNORE_NAME_TYPE 4 /* don't check the name type */
1000 #define KRB5_ANON_MATCH_ANY ( KRB5_ANON_MATCH_AUTHENTICATED | \
1001 KRB5_ANON_MATCH_UNAUTHENTICATED )
1002 #define KRB5_ANON_MATCH_ANY_NONT ( KRB5_ANON_MATCH_ANY | \
1003 KRB5_ANON_IGNORE_NAME_TYPE )
1009 struct hx509_certs_data
;
1010 typedef struct krb5_kx509_req_ctx_data
*krb5_kx509_req_ctx
;
1012 #include <krb5-protos.h>
1016 extern KRB5_LIB_VARIABLE
const char *krb5_config_file
;
1017 extern KRB5_LIB_VARIABLE
const char *krb5_defkeyname
;
1020 extern KRB5_LIB_VARIABLE
const krb5_cc_ops krb5_acc_ops
;
1021 extern KRB5_LIB_VARIABLE
const krb5_cc_ops krb5_dcc_ops
;
1022 extern KRB5_LIB_VARIABLE
const krb5_cc_ops krb5_fcc_ops
;
1023 extern KRB5_LIB_VARIABLE
const krb5_cc_ops krb5_mcc_ops
;
1024 extern KRB5_LIB_VARIABLE
const krb5_cc_ops krb5_kcm_ops
;
1025 extern KRB5_LIB_VARIABLE
const krb5_cc_ops krb5_akcm_ops
;
1026 extern KRB5_LIB_VARIABLE
const krb5_cc_ops krb5_scc_ops
;
1027 extern KRB5_LIB_VARIABLE
const krb5_cc_ops krb5_krcc_ops
;
1029 extern KRB5_LIB_VARIABLE
const krb5_kt_ops krb5_fkt_ops
;
1030 extern KRB5_LIB_VARIABLE
const krb5_kt_ops krb5_wrfkt_ops
;
1031 extern KRB5_LIB_VARIABLE
const krb5_kt_ops krb5_javakt_ops
;
1032 extern KRB5_LIB_VARIABLE
const krb5_kt_ops krb5_mkt_ops
;
1033 extern KRB5_LIB_VARIABLE
const krb5_kt_ops krb5_akf_ops
;
1034 extern KRB5_LIB_VARIABLE
const krb5_kt_ops krb5_any_ops
;
1036 extern KRB5_LIB_VARIABLE
const char *krb5_cc_type_api
;
1037 extern KRB5_LIB_VARIABLE
const char *krb5_cc_type_file
;
1038 extern KRB5_LIB_VARIABLE
const char *krb5_cc_type_memory
;
1039 extern KRB5_LIB_VARIABLE
const char *krb5_cc_type_kcm
;
1040 extern KRB5_LIB_VARIABLE
const char *krb5_cc_type_scc
;
1041 extern KRB5_LIB_VARIABLE
const char *krb5_cc_type_dcc
;
1042 extern KRB5_LIB_VARIABLE
const char *krb5_cc_type_keyring
;
1044 /* clang analyzer workarounds */
1046 #ifdef __clang_analyzer__
1048 * The clang analyzer (lint) can't know that krb5_enomem() always returns
1049 * non-zero, so code like:
1051 * if ((x = malloc(...)) == NULL)
1052 * ret = krb5_enomem(context)
1056 * causes false positives.
1058 * The fix is to make krb5_enomem() a macro that always evaluates to ENOMEM.
1060 #define krb5_enomem(c) (krb5_enomem(c), ENOMEM)
1063 #endif /* __KRB5_H__ */